Worm:Win32/Ramnit.A copies itself to %ProgramFiles%\microsoft\desktoplayer.exe.
It also creates a mutex named "KyUffThOkYwRRtgPP".
Worm:Win32/Ramnit.A launches the default web browser and injects code to it.
Analysis by Chun Feng
The following could indicate that you have this threat on your PC:
- You have these files: